Is it time for banks to look at their KYC (Know Your Customer) norms again and tighten up the screws?

Well, looking at all the disturbances in India, the thought that comes to mind is that it is not quite possible without easy money transfer for people who are disturbing the society.

Thus money is easily made available to such people, and, to say the least, this is a dangerous matter. Apart from social awareness, help from public, and best governance practices, we require very strict norms for identifying customers who enter into such banking transactions.

If we look at the emergence of KYC norms we can understand how these standards emerged.

The main purpose of KYC norms was to restrict money laundering and terrorist financing when it was introduced in late the 1990s in the United States. The US government turned very strict after 9/11 and all regulations were finalised before 2002 for KYC.

The US has made changes in its major legislations -- Bank Secrecy Act, USA Patriot Act, et cetera -- to make KYC norms really effective for the banking sector.

Taking a leaf out of the US book, the Reserve Bank of India too directed all banks to implement KYC guidelines for all new accounts in the 2nd half of 2002.

For existing accounts, imposing KYC norms was a little difficult, so the RBI issued guidelines for the same at the end of 2004.

What is KYC?

But let us first understand what KYC norms actually mean.

In order to prevent identity theft, identity fraud, money laundering, terrorist financing, etc, the RBI had directed all banks and financial institutions to put in place a policy framework to know their customers before opening any account.

This involves verifying customers' identity and address by asking them to submit documents that are accepted as relevant proof.

Mandatory details required under KYC norms are proof of identity and proof of address. Passport, voter's ID card, PAN card or driving license are accepted as proof of identity, and proof of residence can be a ration card, an electricity or telephone bill or a letter from the employer or any recognised public authority certifying the address.

Some banks may even ask for verification by an existing account holder. Though the standard documents which are accepted as proof of identity and residence remain the same across various banks, some deviations are permitted, which differ from bank to bank.

So, all documents shall be checked against banks requirements to ascertain if those match or not before initiating an account opening process with any bank. Thus opening a new bank account is no longer a cake walk.

Those are the basic requirements of KYC to identify a customer at the account opening stage.

Let's check other aspects of KYC.

To prevent the possible misuse of banking activities for anti-national or illegal activities, the RBI has given various directives to banks:

Strengthening the banks' 'Internal Control System' by allocating duties and responsibilities clearly, and periodically monitoring them.

Before giving any finance at branch level, making sure that the person has no links with notified terrorist entities and reporting any such 'suspect;' accounts to the government.

Regular 'Internal Audit' by internal and concurrent auditors to check if the KYC guidelines are being properly adhered to or not by banks.

Most important, banks must keep an eye out for all banking transactions and identify suspicious ones. Such transactions will be immediately reported to the bank's head office and authorities and norms shall also be laid down for freezing of such accounts.

In 2004, the RBI had come up with more specific guidelines regarding KYC. These were divided into four parts:

Customer Acceptance Policy: All banks shall develop criteria for accepting any person as their customer to restrict any anonymous accounts and ensure documentation mentioned in KYC.

Customer Identification Procedures: Customer to be identified not only while opening the account, but also at the time when the bank has a doubt about his transactions.

Monitoring of Transactions: KYC can be effective by regular monitoring of transactions. Identifying an abnormal or unusual transaction and keeping a watch on higher risk group of the account is essential in monitoring transactions.

Risk management: This is about managing internal work to reduce the risk of any unwanted activity. Managing responsibilities, duties and various audits plus regular employee training for KYC procedures.

These guidelines also specify that KYC should be implemented for existing account holders on the basis of materiality and risk segments.

The RBI had also directed all banks to make a policy for implementing 'Know Your Customer' and anti-money laundering measures and remain fully compliant with given guidelines before December 31, 2005.

But there have been instances of lapses in the implementation of KYC guidelines by several banks. That resulted into the infamous IPO scam. Since January 2006, the RBI has slapped penalties on several leading banks. Till date we have not come across any case of money laundering, terrorist financing or transfer of funds for anti-national activities, but in case of any more lapses in the 'Know Your Customer' guidelines, the threat of the misuse of the banking channels for anti-national activities always lurks around the corner.